ThreatPress

WordPress Vulnerabilities Database

Back

WordPress LearnDash LMS plugin <=2.5.3 - Unauthenticated arbitrary file upload vulnerability

Product
LearnDash LMS
Description
An unauthenticated arbitrary file upload vulnerability by NinTechNet in WordPress LearnDash LMS plugin (versions <=2.5.3).
Solution
Update the WordPress LearnDash LMS plugin to the latest available version (at least 2.5.4).
Classification
Type Arbitrary File Upload
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <=2.5.3
Fixed In 2.5.4
Disclosure date
2018-01-10
Credits
NinTechNet
Submitter
ThreatPress